MenuSearchA-ZSeven Schools One University

Menu

Close Menu
Info For
Resources
Seven Schools One University

A–Z

Close Menu

Risk Assessment / Risk Mitigation Matrices

Each Federal research funding agency has its own framework for identifying and mitigating foreign interference risks. For institutions and researchers navigating the funding landscape, understanding these distinctions matters.

This overview examines the risk assessment approaches of four major federal funders: NIH, NSF, DOE, and the DOD. 

Overarching Risk Assessment Matrix / Paradigm Decision Matrix for Assessing Potential Foreign Interference for Covered Individuals or Senior/Key Personnel
Lookback Period

5 years preceding the submission being reviewed
Factors Assessed

Indicators of:

  • Participation in a Malign Foreign Talent Recruitment Program (MFTRP)
  • Incomplete disclosure of participation in a Foreign Talent Recruitment Program (FTRP)
  • Incomplete disclosure of funding from a Foreign Country of Concern (FCOC) or FCOC-connected entity
  • Incomplete disclosure of funding from a non-FCOC foreign country or entity
  • Incomplete disclosure of affiliation with an institution or entity located in or connected to an FCOC
  • Incomplete disclosure of affiliation with an institution or entity located in or connected to a non-FCOC foreign country
Risk Levels

Prohibited Factors, Mitigation Measures Required, Recommended, Suggested, or Not Needed

 

NIH has long required applicants and recipients to disclose current and pending other support and to, as appropriate, submit management plans for significant financial conflicts of interest. NIH uses the disclosures of current and pending other support to ensure that there is no scientific, budgetary, or commitment overlap (NIH GPS 2.5.1).

  • Scientific overlap occurs when (1) substantially the same research is proposed in more than one application or is submitted to two or more funding sources for review and funding consideration or (2) a specific research objective and the research design for accomplishing the objective are the same or closely related in two or more applications or awards, regardless of the funding source.
  • Budgetary overlap occurs when duplicate or equivalent budgetary items (e.g., equipment, salaries) are requested in an application but already are provided by another source.
  • Commitment overlap occurs when an individual's time commitment exceeds 100 percent (i.e., 12 person months), whether or not salary support is requested in the application.
  • Overlap, whether scientific, budgetary, or commitment of an individual's effort greater than 100 percent, is not permitted. Any overlap will be resolved by the agency with the applicant and the Principal Investigator at the time of award.

NIH has developed this Matrix as a guide to assist NIH in reviewing grant applications and ongoing awards for signs of potential foreign interference, and in appropriately mitigating risk. The rows describe conditions in which NIH will contact the grant applicant or recipient for further information, and in which mitigation may be required, recommended, or not needed. For further information, please select the link in the table.

Rating

Factor 1: Foreign Talent Recruitment Program

Factor 2: Foreign Funding

Factor 3: Affiliation with Foreign Institutions  or Entities

Overarching Risk Assessment Matrix / Paradigm Description of NSF Trusted Research Using Safeguards & Transparency Program (TRUST)
Lookback Period

Not specified
Factors Assessed
  • Active personnel appointments and positions
  • Instances of non-compliance with disclosure and other requirements
  • Potential foreseeable national security considerations
Risk Levels

Not published. NSF does not have a published risk assessment matrix. It provides a description of its overall process.

 

Developed by the NSF Office of the Chief of Research Security Strategy and Policy (OCRSSP), the TRUST framework includes three branches. The first focuses on assessing active personnel appointments and positions, while the second focuses on identifying instances of noncompliance with disclosure and other requirements. The third branch — the inclusion of potential foreseeable national security considerations — represents a significant new effort for NSF. The framework is designed to avoid curtailing beneficial research activities due to institutions or individuals in the community being overly cautious, protect the agency's core values of fairness and due process and maintain open lines of communication with the research community.

The TRUST process will be rolled out in three phases. Beginning in FY 2025, the process will be piloted on quantum-related proposals. The pilot will collect data and assess key metrics, monitor the impact on NSF directorates and build and evaluate NSF's ability to review the potential national security applications of NSF-funded technology. In the second phase, lessons learned from the pilot phase will be implemented and the process will be expanded to include other key "CHIPS and Science Act of 2022" technology areas. In phase 3, NSF will scale up the review process to include all key technology areas and/or the priorities of the NSF Technology, Innovation and Partnerships Directorate's priorities.

NSF reserves the right to perform risk assessments, using analytical tools, of proposals and awards submitted to the Foundation to assess nondisclosures of required information from senior/key personnel, and establish other policies and procedures for identifying, communicating, and addressing security risks that may threaten the integrity of Foundation-supported research and development.

NSF proposers and recipients are required to maintain supporting documentation, including copies of contracts, grants, or any other agreements specific to foreign appointments, employment with a foreign institution, participation in a foreign talent recruitment program and other information reported as current and pending (other) support for all senior/key personnel that must be available to NSF upon request. Proposers and recipients are expected to review requested supporting documentation for compliance with NSF award terms and conditions.

Overarching Risk Assessment Matrix / Paradigm DOE memorandum – Department of Energy Research, Technology, and Economic Security Framework for Financial Assistance and Loan Activities (RTES)
Lookback Period

No specific lookback period specified, but 2019 is cited as a baseline year. DOE states that it will consider whether an activity was conducted in the past but has not been discontinued.
Factors Assessed
  • Foreign ownership, control, and influence
  • Risks related to project personnel concerning foreign connections and affiliations (e.g., MFTRPs)
  • Technology risks (e.g., project involves critical and emerging technologies of concern)
  • Ensuring transparency
  • Risk of IP theft
  • Physical threats (e.g., access to sensitive information that could expose vulnerabilities exploitable by adversaries)
  • Procurement of equipment that may have embedded surveillance technology
  • Undisclosed project collaborations with foreign entities or individuals
  • Supply chain risks
Risk Levels

Not published. DOE does not have a published risk assessment matrix. It provides a description of its overall process.
Comments

Phased Review

  • Phase I: Review of notices of funding opportunities, other transaction authorities, and other solicitations prior to publication to ensure inclusion of appropriate language advising applicants of applicable RTES requirements.
  • Phase II: RTES due diligence review prior to selection of a proposal for award.
  • Phase III: Additional RTES review may be triggered during the life of a project when there are changes to the project, personnel, or ownership/control that could affect RTES.

 

DOE RTES reviews include, but are not limited to: Project Technical Descriptions, Biographical Sketches/CVs/Resumes, Current and Pending Support Disclosures, Transparency of Foreign Connections Disclosures, and relevant publicly-available information. RTES may also request additional information to clarify or explain disclosures it receives (see section on clarifications below). DOE will also draw on classified sources and DOE/NNSA Program Office technical expertise to inform the RTES review.

RTES Risk Factors

DOE will use RTES risk factors as guidelines (understanding reviews often require flexibility to evaluate unique threats, vulnerabilities and consequences) when assessing risk levels and to determine mitigation strategies for the individuals and entities participating in DOE/NNSA-funded projects.

  • Risk Factors for Covered Individuals on DOE-funded Proposals or Projects: DOE may assess ties to malign foreign talent recruitment programs, certain foreign funding sources (both monetary and in-kind), certain concerning behaviors associated with patenting (e.g., transferring to foreign entities after filing), and ties to foreign entities or foreign collaborators on specified lists2F3 or with specified characteristics. Foreign birth and citizenship do not, in and of themselves, constitute risk factors.
  • Risk Factors for Covered Entities on DOE-funded Proposals or Projects: DOE may assess foreign ownership or control, criminal or regulatory issues, the supply chain for any sensitive equipment/supplies, and ties to entities on specified lists.
  • Risk Factors Tied to Date of Activity or Relationship: DOE recognizes that the research community is still adjusting to the altered geopolitical landscape, in which certain collaborations that were encouraged prior to 2019 are now recognized for the risks they may pose. DOE takes that into account in the RTES risk assessment. If activities occurred in the past, consideration is given to whether the activity was an isolated incident, or whether it is part of a pattern. Dates and types of activity are weighted in the risk assessment. As a general rule, if DOE sees activities or relationships that pose a risk, DOE may request confirmation that the relationship has ceased. For past affiliations4F5, associations or collaborations with entities on specified lists, DOE will consider the date the entity was added to the lists as part of the risk assessment.
  • Risk Factors Weighed Against Technology Considerations: If the risk indicators are present on a proposed or existing project, consideration is given to whether the project falls within a critical and emerging technology area, whether the project will have physical or cyber access to critical infrastructure, and any project work with proximity to a military installation. The same type of risk indicator can therefore warrant a different mitigation outcome, depending on the specific technology area and project.
  • Risk Factor Stewardship: The RTES Office will serve as the steward of the RTES Risk Factors and any subsequent resources (e.g., matrices). The RTES Office will coordinate the publication of subsequent resources with input from the RTES Policy Working Group, and, as appropriate, feedback from stakeholders, including from the scientific community.

Overarching Risk Assessment Matrix / Paradigm 2026 DOW Component Decision Matrix to Inform Fundamental Research Proposal Mitigation Decisions
Lookback Period

Past 5 years.
Factors Assessed

Prohibited Factors

  • Indicators of a Covered Individual's active participation in a Malign Foreign Talent Recruitment Program (MFTRP) — participation prohibited.
  • Funding of, or to, an entity on any of the Prohibited Entity Lists, or employees of such entities.
  • Active collaboration for the specific purpose of fundamental research between a Covered Individual and any academic institution or entity (or employee of such an institution or entity) that is on the current Prohibited Entity Lists.

Mitigation Measures Required if Within the Past 5 Years

  • Indicator(s) of a Covered Individual's participation in an MFTRP, or participation in an MFTRP by the Covered Individual's co-authors on publications in scientific and engineering journals.
  • Indicator(s) that a Covered Individual received funding from a Country of Concern (COC) or Foreign Entity of Concern.
  • A patent application or patent that resulted from USG-funded research filed in a COC, or on behalf of a COC-connected entity, prior to filing in the U.S.
  • Patent applications or patents not disclosed in a proposal that resulted from USG-funded research and were filed in a COC, or on behalf of an entity in a COC, prior to filing in the U.S.
  • Patent or co-patent applications with an individual affiliated with any entity on the version of the Prohibited Entity Lists in effect at the time of the patent or application.
  • Indicator(s) of affiliation with an entity on any Prohibited Entity Lists at time of review.
  • A Covered Individual's co-author on a publication in scientific or engineering journals is affiliated with an entity on any Prohibited Entity List at time of review.
Risk Levels

Prohibited Factors, Mitigation Measures Required, Recommended, Suggested, or Not Needed

 

Factors of the Decision Matrix

Foreign talent recruitment programs – participation in, or affiliation with, efforts designed to recruit science and technology professionals and/or students on behalf of a foreign government is potentially problematic, especially if those efforts are organized, managed, or funded by an FCOC

Funding sources – accepting funding from FCOCs may create an obligation to that FCOC that conflicts with USG goals for funded research effort

Conflicting Patents – patents arising from US–funded research filed in a foreign country before being filed in the U.S. can be an indicator of undisclosed agreements with a foreign country

Entity Lists – problematic actors that affiliation or association with could create a conflict of interest or conflict of commitment.

Effective in FY2026, the DoW is prohibited from using any funds for fundamental research grants, contracts, or other assistance to institutions of higher education that involve collaboration with any entity on select entity lists. This restriction forbids conducting research with or using equipment from a listed entity and applies to all employees of such institutions.

The 1286 List is of particular interest to the academic community. It contains foreign institutions confirmed to engage in problematic activities as defined in Section 1286 of the FY2019 National Defense Authorization Act.

Collaborating with entities on the 1286 List, or individuals affiliated with those entities, may negatively impact eligibility for federal funding.

Contact

Research and Development

620 W. Lexington St.
Fourth Floor
Baltimore, MD 21201

410-706-6723

The University of Maryland, Baltimore is the founding campus of the University System of Maryland.

620 W. Lexington St., Baltimore, MD
21201 | 410-706-3100

The University of Maryland, Baltimore prohibits sex discrimination in any education program or activity that it operates. Individuals may report concerns or questions to the Title IX Coordinator. Read the UMB Notice of Non-Discrimination.
© 2025-2026 University of Maryland, Baltimore. All rights reserved.